package arch.chameleon.module.security.realm.web;

import java.util.HashMap;
import java.util.Map;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authz.AuthorizationException;
import org.springframework.web.servlet.ModelAndView;

import arch.chameleon.module.web.AbstractUserController;

/**
 * 异步未授权处理
 * @author George
 *
 */
public class UnauthorizedAsyncController extends AbstractUserController {

	@Override
	protected ModelAndView handleRequestInternal(HttpServletRequest request,
			HttpServletResponse response) throws Exception {
		Map<String, Object> mpModel = new HashMap<String, Object>();
		try{
			Object objPrincipal = SecurityUtils.getSubject().getPrincipal();
			log.error("User [{}] requested a unauthorized resource. ", new Object[]{objPrincipal});
			throw new AuthorizationException(String.format("User[%s] requested a unauthorized resource.", objPrincipal));
		}catch(Throwable t){
			return rtnFailureView(mpModel, true, t);
		}		
	}
}
